Secrets of a ransomware negotiator

Many gangs still operate in Russia and Ukraine, though ransomware hubs have emerged in Iran, Brazil, India, North Korea, China and Peru. Some hackers seem to work independently, like pirates. Others appear to have links to their country’s government, or at least a licence to harass Western companies as long as they don’t cause so much harm that the... See more

n 2022 the amount of money that cyber-insurance providers paid out to American companies came to more than $4bn. Claims included business-interruption costs, crisis PR services, support from incident-response teams and ransom payments, which gangs tend to demand in the form of cryptocurrency. The following year ransomware attacks shot up 70%, accor... See more

Over time, gangs began licensing their model to freelancers, known in the industry as “affiliates”. When an affiliate buys the right to use a gang’s software and branding, they also gain access to its credibility. The gang in turn tries to enforce protocols so that its reputation is not undermined by the actions of freelancers. “It is strictly forb... See more

Valéry Riess-Marchive, a cyber-security journalist, believes that only 10% of ransomware incidents are reported, which would put the worldwide number of attacks last year at around 44,000. Businesses stay quiet not only to protect their reputations but also to avoid fines for exposing personal information.

Meghan Hannes, a cyber-insurance portfolio manager, remembers the moment she realised the ground had shifted, back in 2019. “My claims person called and said, ‘Hey Meg, we had seven ransomware demands this week, and they’re all for millions of dollars,’” she said

A decade or so ago Hare-Brown noticed a rise in insurance companies offering cyber-crime policies, and thought there might be demand for a firm that could perform risk assessments and investigations for them. He started STORM Guidance in 2014, and Shah came on board five years later.

For the most part, the gangs operate like corporations, with human-resources departments and complex bureaucracies. Prominent groups issue press releases (“We are pleased to announce that we have successfully encrypted Henry Schein’s network and extracted 35 Terabytes of sensitive data”) and have user-friendly homepages on the dark web, where victi... See more